PT-2023-2523 · Frrouting+4
Published: 2023-01-22 · Updated: 2024-04-03
CVE-2022-40302
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
FRRouting versions through 8.4
Description
bgpd in FRRouting applies inconsistent boundary checks when it processes a BGP OPEN message that contains an option of type 0xff. An attacker can send a crafted OPEN message to trigger an out-of-bounds read or an assertion failure, which restarts the daemon and causes a denial of service.
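The kind of consistent boundary checking the description refers to, as an added example that is not FRRouting's code or its fix: a hypothetical validator, `check_open_opts`, that tests every read of the OPEN optional parameters against a single bound, including the 0xff form. It assumes the RFC 4271 OPEN layout and the RFC 9072 extended encoding (0xff marker, two-octet total length, two-octet per-parameter lengths); the enum and function names are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPEN_FIXED_LEN 10   /* version(1) AS(2) hold(2) id(4) opt-parm-len(1) */
#define EXT_OPT_TYPE   0xff /* marks the extended optional-parameters form */

enum open_check { OPEN_OK, OPEN_TRUNCATED, OPEN_LEN_MISMATCH, OPEN_BAD_PARAM };

/* Hypothetical validator: body is the OPEN message after the 19-byte BGP header. */
enum open_check check_open_opts(const uint8_t *body, size_t body_len)
{
    if (body_len < OPEN_FIXED_LEN)
        return OPEN_TRUNCATED;
    size_t off = OPEN_FIXED_LEN;   /* first octet after Opt Parm Len */
    size_t opt_len = body[9];
    size_t len_sz = 1;             /* width of each parameter's length field */

    if (opt_len != 0 && off < body_len && body[off] == EXT_OPT_TYPE) {
        if (body_len - off < 3)    /* 0xff marker + 2-octet extended length */
            return OPEN_TRUNCATED;
        opt_len = ((size_t)body[off + 1] << 8) | body[off + 2];
        off += 3;
        len_sz = 2;
    }
    if (opt_len > body_len - off)  /* declared length must fit what was received */
        return OPEN_LEN_MISMATCH;

    size_t end = off + opt_len;    /* the single bound every later read honours */
    while (off < end) {
        if (end - off < 1 + len_sz)        /* room for type + length fields? */
            return OPEN_BAD_PARAM;
        size_t plen = body[off + 1];
        if (len_sz == 2)
            plen = (plen << 8) | body[off + 2];
        off += 1 + len_sz;
        if (plen > end - off)              /* value must stay inside the bound */
            return OPEN_BAD_PARAM;
        off += plen;
    }
    return OPEN_OK;
}

int main(void)
{
    /* Constructed sample: extended form announcing 256 octets, none present. */
    uint8_t short_ext[13] = { 4, 0xfd, 0xe8, 0, 90, 192, 0, 2, 1, 0xff, 0xff, 0x01, 0x00 };
    printf("%d\n", check_open_opts(short_ext, sizeof short_ext)); /* OPEN_LEN_MISMATCH */
    return 0;
}
```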
Recommendations
For versions through 8.4, consider disabling the BGP OPEN message handler until a patch is available to prevent potential denial of service attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Frrouting
Red Hat
Red Os